Google has fixed a series of serious vulnerabilities in its Chrome OS, including three high-risk bugs that could be used for code execution on vulnerable machines. Bug bounties, the cash prizes offered by open source communities to anyone who finds key software bugs, have been steadily on the rise for several years now.
As part of its reward program, Google paid out $31,336 to a researcher who found three of the vulnerabilities. Google's post notes: "We're pleased to reward Ralf-Philipp Weinmann $31,336 under the Chromium Vulnerability Rewards Program for a chain of three bugs, including demo exploit code and very detailed write-up. We are grateful to Ralf for his work to help keep our users safe."
The three-bug chain credited to Weinmann exploited O3D, a JavaScript API (application programming interface) designed for crafting interactive 3-D graphics-based Web applications. The API and supporting browser plug-in were created by Google, with a preliminary version of the latter released in 2009.
Vulnerabilities that Google fixed in Chrome OS 26:
[227197] Medium CVE-2013-2832: Uninitialized memory left in buffer in O3D plug-in. Credit to Ralf-Philipp Weinmann.
[227181] High CVE-2013-2833: Use-after-free in O3D plug-in. Credit to Ralf-Philipp Weinmann.
[227158] High CVE-2013-2834: Origin lock bypass of O3D and Google Talk plug-ins. Credit to Ralf-Philipp Weinmann.
[196456] High CVE-2013-2835: Origin lock bypass of O3D and Google Talk plug-ins. Credit to Google Chrome Security Team (Chris Evans).
Google has paid out more in various contests it's run or co-sponsored, including $100,000 to a two-man team from MWR InfoSecurity at last month's Pwn2Own.
Most of the rewards are in the $1,000-$3,000 range, with some going above that, depending upon the severity of the vulnerability and difficulty of exploitation.
"The Chromium Vulnerability Rewards Program was created to help reward the contributions of security researchers who invest their time and effort in helping us make Chromium more secure. We've been very pleased with the response: Google’s various vulnerability reward programs have kept our users protected and netted more than $1 million dollars of total rewards for security researchers. Recently, we've seen a significant drop-off in externally reported Chromium security issues."
Other big companies also pay bug bounties but, unlike Google, do not release the names of researchers or the payments they receive.